Saturday, November 23, 2024
HomeAppleApple iTunes for Windows Flaw Let Attackers Execute Malicious Code

Apple iTunes for Windows Flaw Let Attackers Execute Malicious Code

Published on

iTunes has been found to have an arbitrary code execution vulnerability that might allow attackers to execute malicious code.

To fix this vulnerability, Apple has issued a security advisory. It also stated that until an investigation is complete and updates or releases are ready, Apple will not reveal, discuss, or validate security problems.

“Apple doesn’t disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available”, the company said.

- Advertisement - SIEM as a Service

Free Webinar on Live API Attack Simulation: Book Your Seat | Start protecting your APIs from hackers

iTunes Windows Security Flaw

The vulnerability has been tracked as the CVE-2024-27793, and the severity has not yet been classified.

This vulnerability affects Windows versions of iTunes lower than 12.13.1 and may allow a malicious file to be parsed, which might result in unexpected code execution or unexpected program termination on the impacted device. 

Apple has made “improving checks” before parsing a malicious file to address this issue.

University of Texas at Austin’s Willy R. Vasquez observed and reported this issue.

Recommendation

It is advised that users of Apple iTunes for Windows update to iTunes version 12.13.2 to fix this issue.

A severe vulnerability in several Apple products, including iPhones, MacBooks, iPads, and Vision Pro headsets, has prompted CERT-In to issue a high-risk alert. 

The vulnerability poses a serious risk to user security since it could enable remote execution of arbitrary code by attackers.

Upgrading Apple products to the most recent versions is advised to stop threat actors from taking advantage of these kinds of vulnerabilities.

On-Demand Webinar to Secure the Top 3 SME Attack Vectors: Watch for Free

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

240+ Domains Used By PhaaS Platform ONNX Seized by Microsoft

Microsoft's Digital Crimes Unit (DCU) has disrupted a significant phishing-as-a-service (PhaaS) operation run by...

Russian TAG-110 Hacked 60+ Users With HTML Loaded & Python Backdoor

The Russian threat group TAG-110, linked to BlueDelta (APT28), is actively targeting organizations in...

Earth Kasha Upgraded Their Arsenal With New Tactics To Attack Organizations

Earth Kasha, a threat actor linked to APT10, has expanded its targeting scope to...

Raspberry Robin Employs TOR Network For C2 Servers Communication

Raspberry Robin, a stealthy malware discovered in 2021, leverages advanced obfuscation techniques to evade...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

240+ Domains Used By PhaaS Platform ONNX Seized by Microsoft

Microsoft's Digital Crimes Unit (DCU) has disrupted a significant phishing-as-a-service (PhaaS) operation run by...

Russian TAG-110 Hacked 60+ Users With HTML Loaded & Python Backdoor

The Russian threat group TAG-110, linked to BlueDelta (APT28), is actively targeting organizations in...

Earth Kasha Upgraded Their Arsenal With New Tactics To Attack Organizations

Earth Kasha, a threat actor linked to APT10, has expanded its targeting scope to...